package com.example.demo;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

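/**
 * Login helper for the {@code Admin} table plus the text-escaping routine it uses.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #CheckReplace(String)} is HTML entity encoding. It does not touch the
 *       single quote and must never be relied on to make a value safe inside SQL text;
 *       the query in {@link #CheckLogin(Connection, String, String)} binds the user name
 *       as a parameter instead.</li>
 *   <li>The password is compared directly against the {@code AdminPwd} column, which
 *       implies that column holds the password itself rather than a salted hash.
 *       NOTE(review): confirm, and move to bcrypt/scrypt/Argon2 verification if so.</li>
 * </ul>
 */
public class Function {
    // Not referenced by any method in this class; kept because other code may read it.
    DBConnection DBConn = new DBConnection();

    /**
     * Checks a user name / password pair against the {@code Admin} table.
     *
     * @param conn open JDBC connection; it is not closed by this method
     * @param s1   user name as supplied by the caller (may be {@code null})
     * @param s2   password as supplied by the caller (may be {@code null})
     * @return {@code true} only if a row with that {@code AdminName} exists and its
     *         {@code AdminPwd} equals the supplied password
     * @throws SQLException if preparing or running the query fails
     */
    public boolean CheckLogin(Connection conn, String s1, String s2) throws SQLException {
        // NOTE(review): both values still go through CheckReplace so they match rows that
        // were presumably stored in escaped form - confirm against the code that writes
        // the Admin table. The escaping is not what protects the query; the bind is.
        String user = CheckReplace(s1);
        String pwd = CheckReplace(s2);

        // The user name is bound, never concatenated, so quotes or SQL keywords in it
        // cannot change the statement. Only the column that is read is selected.
        String sql = "select AdminPwd from Admin where AdminName = ?";

        // try-with-resources closes the statement and result set on every path,
        // including when the query throws.
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, user);
            try (ResultSet rs = stmt.executeQuery()) {
                if (!rs.next()) {
                    return false;
                }
                String adminPwd = rs.getString("AdminPwd");
                if (adminPwd == null) {
                    // A NULL stored password never matches.
                    return false;
                }
                // Constant-time comparison: the time taken does not depend on how many
                // leading characters of the guess are correct.
                return MessageDigest.isEqual(
                        pwd.getBytes(StandardCharsets.UTF_8),
                        adminPwd.getBytes(StandardCharsets.UTF_8));
            }
        }
    }

    /**
     * HTML-escapes a string: {@code "} becomes {@code &quot;}, {@code &} becomes
     * {@code &amp;}, {@code <} becomes {@code &lt;}, {@code >} becomes {@code &gt;},
     * {@code |} is dropped, and the result is trimmed.
     *
     * <p>The single quote is left as-is, so the output is not safe to splice into SQL
     * text or into a single-quoted HTML attribute.
     *
     * @param s text to escape; {@code null} is treated as empty
     * @return the escaped, trimmed text, or {@code ""} for {@code null} or empty input
     */
    public String CheckReplace(String s) {
        if (s == null || s.isEmpty()) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(s.length() + 16);
        // Every character must pass through the switch. A loop with an empty body would
        // leave the index one past the end and make charAt throw.
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '"':
                    escaped.append("&quot;");
                    break;
                case '|':
                    // Pipe characters are removed from the output.
                    break;
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString().trim();
    }
}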